Only allow ephemeral RSA keys in export ciphersuites.

OpenSSL clients would tolerate temporary RSA keys in non-export ciphersuites. It also had an option SSL_OP_EPHEMERAL_RSA which enabled this server side. Remove both options as they are a protocol violation. Thanks to Karthikeyan Bhargavan for reporting this issue. (CVE-2015-0204) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (cherry picked from commit 4b4c1fcc88aec8c9e001b0a0077d3cd4de1ed0e6) Conflicts: CHANGES doc/ssl/SSL_CTX_set_options.pod ssl/d1_srvr.c ssl/s3_srvr.c
author: Dr. Stephen Henson <steve@openssl.org> 2014-10-23 17:09:57 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2015-01-06 13:27:22 +0000
commit: 72f181539118828ca966a0f8d03f6428e2bcf0d6 (patch)
tree: 634e6010fe0142661f0002fe6e9af57f874165c2 /ssl/s3_clnt.c
parent: e42a2abadc90664e2615dc63ba7f79cf163f780a (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/ssl/s3_clnt.c b/ssl/s3_clnt.c
index 256fc94e26..2402a06163 100644
--- a/ssl/s3_clnt.c
+++ b/ssl/s3_clnt.c
@@ -1180,6 +1180,13 @@ int ssl3_get_key_exchange(SSL *s)
 #ifndef OPENSSL_NO_RSA
 	if (alg & SSL_kRSA)
 		{
+		/* Temporary RSA keys only allowed in export ciphersuites */
+		if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher))
+			{
+			al=SSL_AD_UNEXPECTED_MESSAGE;
+			SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNEXPECTED_MESSAGE);
+			goto f_err;
+			}
 		if ((rsa=RSA_new()) == NULL)
 			{
 			SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE);
author	Dr. Stephen Henson <steve@openssl.org>	2014-10-23 17:09:57 +0100
committer	Dr. Stephen Henson <steve@openssl.org>	2015-01-06 13:27:22 +0000
commit	72f181539118828ca966a0f8d03f6428e2bcf0d6 (patch)
tree	634e6010fe0142661f0002fe6e9af57f874165c2 /ssl/s3_clnt.c
parent	e42a2abadc90664e2615dc63ba7f79cf163f780a (diff)